STANlite a database engine for secure data processing at rack-scale - - PowerPoint PPT Presentation


Institute of Operating Systems and Computer Networks STANlite a database engine for secure data processing at rack-scale level IEEE International Conference on Cloud Engineering (IC2E18) V. A. Sartakov, N. Weichbrodt, S. Krieter, T.


SLIDE 1

STANlite – a database engine for secure data processing at rack-scale level

IEEE International Conference on Cloud Engineering (IC2E’18)

  • V. A. Sartakov, N. Weichbrodt, S. Krieter, T. Leich, R. Kapitza, April 20, 2018

This work was partly supported by the DFG under priority program SPP2037

Institute of Operating Systems and Computer Networks

SLIDE 3

Design of STANlite | Implementation of key components | Evaluation | Related works | Conclusion

Intro

Data processing in cloud databases – commonly used practice

  • Leakage of security sensitive information
  • Compromising of data processing

Mechanisms of prevention:

  • Own trusted infrastructure
  • Secure processors
  • Homomorphic encryption

Intel Software Guard eXtensions (SGX)

  • Trusted execution in untrusted environments

SLIDE 5

Trusted execution in untrusted environments

SGX Enclaves – new system entities:

  • Located in User space
  • Physical pages are encrypted
  • Cannot be accessed by devices or software

[Figure: Trusted Computing Base (TCB) marked on the stack Hardware / Hypervisor / Operating System / App., shown without an enclave and with an enclave]

⇒ Trusted execution on commodity hardware

SLIDE 9

Programming of enclaves

Challenges:

  • Software should be self-contained and fully located inside an enclave
      • No dependencies
  • Some instructions are forbidden
      • No System calls
  • ECalls and OCalls – expensive switching mechanisms between trusted and untrusted modes
      • At least 50 times slower than a system call [1, 2]
  • Paging

SLIDE 11

Enclave Page Cache (EPC) limit

[Figure: memset speed (MiB/sec) versus memset chunk size (MiB)]

  • ~92 MiB are available
  • Heavyweight paging
      • Involves a kernel
      • Threads should exit
      • Encryption/decryption
      • Integrity protection

SLIDE 12

STANlite

STANlite: a secure database for data processing in clouds

  • Built on top of SGX Enclaves
  • Processes large volumes of data without paging
  • ECall-free high-performance communications over Remote Direct Memory Access (RDMA)

SLIDE 14

STANlite

  • Enclaved software can access untrusted memory
  • The database can manage its own pages
      • Swap in and swap out on request
      • Keep frequently used content inside
      • Evict rarely used content in encrypted form
  • Fix memory layout to prevent the heavyweight paging

[Figure: process virtual memory layout from 0x0 to 0xff..f. Labels: Database engine, Heap, Content, Evicted Pages, Enclave (92 MiB in size)]

⇒ Special Virtual Memory Engine (VME)

SLIDE 15

Architecture

VME components:

  • Warm Store
  • Cold Store
  • Least Recently Used list

Swapping:

  • Encryption/Decryption
  • Hash sums for rollback attacks prevention

[Figure: architecture diagram. Labels: Client, Client, Communication Layer, Enclave, SQL Engine, Virtual Memory Engine, Warm Store (C0, C2, C4, C5), Cold Store (C1, C3, other slots marked XX), encrypt, decrypt, write, read]
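
A minimal model of the swapping path listed on this slide (LRU eviction from the Warm Store, encryption on swap-out, a hash sum checked on swap-in), added here as an illustration and not taken from STANlite's code. The class and function names, the trusted table of digests, and the HMAC-based keystream standing in for a real cipher are all assumptions.

```python
import hashlib, hmac, os
from collections import OrderedDict

class ToyVME:
    # Constructed model, not STANlite code: every attribute is "enclave" state
    # except self.cold, which stands for untrusted memory the host can rewrite.
    def __init__(self, warm_slots, key=None):
        self.key = key or os.urandom(32)   # enclave-only secret
        self.warm = OrderedDict()          # chunk id -> plaintext, least recently used first
        self.version = {}                  # chunk id -> eviction counter (trusted)
        self.digest = {}                   # chunk id -> SHA-256 of current ciphertext (trusted)
        self.cold = {}                     # UNTRUSTED: chunk id -> ciphertext
        self.warm_slots = warm_slots

    def _crypt(self, cid, data):
        # Stand-in stream cipher (HMAC-SHA256 keystream); a real engine would use an AEAD.
        blocks = range(len(data) // 32 + 1)
        stream = b"".join(hmac.new(self.key, f"{cid}:{self.version[cid]}:{i}".encode(),
                                   hashlib.sha256).digest() for i in blocks)
        return bytes(a ^ b for a, b in zip(data, stream))

    def _evict_lru(self):
        cid, plain = self.warm.popitem(last=False)
        self.version[cid] = self.version.get(cid, 0) + 1   # fresh keystream per eviction
        self.cold[cid] = self._crypt(cid, plain)
        self.digest[cid] = hashlib.sha256(self.cold[cid]).digest()

    def write(self, cid, data):
        self.warm[cid] = data
        self.warm.move_to_end(cid)
        while len(self.warm) > self.warm_slots:
            self._evict_lru()

    def read(self, cid):
        if cid in self.warm:
            self.warm.move_to_end(cid)
            return self.warm[cid]
        blob = self.cold[cid]
        if not hmac.compare_digest(hashlib.sha256(blob).digest(), self.digest[cid]):
            raise ValueError(f"stale or modified chunk {cid}")
        plain = self._crypt(cid, blob)
        self.write(cid, plain)             # swap in; may evict another chunk
        return plain

def read_after_update(replay_old_blob):
    vme = ToyVME(warm_slots=1, key=b"k" * 32)      # constructed sample data below
    vme.write("C1", b"balance=100")
    vme.write("C2", b"other")                      # evicts C1 (version 1)
    old_blob = vme.cold["C1"]                      # host keeps the old ciphertext
    vme.write("C1", b"balance=0")                  # evicts C2
    vme.write("C2", b"other")                      # evicts C1 again (version 2)
    if replay_old_blob:
        vme.cold["C1"] = old_blob                  # rollback: host restores version 1
    return vme.read("C1")
```

With an honest host the read returns the updated value; with the replayed ciphertext it raises ValueError, because the digest held on the trusted side describes only the most recent eviction.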

SLIDE 17

The basis

SQLite as SQL engine:

  • Low footprint
  • Read/Write semantic

VME Integration:

  • OS Interface
  • Disabled Pager
  • Three VME modes

[Figure: STANlite structure. Labels: Core, Backend, Communication layer, SQL command processor, Pager, Interface, Virtual Machine, B-Tree, OS Interface, VME]

SLIDE 18

VME mode: Integrity and Confidentiality (Integrity)

[Figure: SQL Engine and VME inside the Enclave; Cold Store holding chunks C0 to C5; operations shown: write C4 with encrypt C4, read C1 with decrypt C1]

SLIDE 19

VME mode: +Cache (Caching)

[Figure: Enclave with SQL Engine and VME; Warm Store holding C0, C5, C4; Cold Store holding C1, C2, C3 (other slots marked XX); operations shown: write C4, read C3, encrypt, decrypt]

SLIDE 20

VME mode: +Fetch (Fetching)

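[Figure: Enclave with SQL Engine and VME; Warm Store holding C0, C5, C4; Cold Store holding C1, C2, C3 (other slots marked XX); operations shown: fetch C4, fetch C1, fetch C5, decrypt C1; one element carries an X mark]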

SLIDE 22

Evaluation

Goals:

  • Compare virtual memory engines in synthetic tests
  • Real-life performance

Benchmarks:

  • Microbenchmark: a database with random access
  • Speedtest1 benchmark: compares different request types
  • TPC-C benchmark: real-life load

Setups:

  • VME modes: Integrity, Caching, Fetching
  • Baselines: Enclaved vanilla SQLite, Non-enclaved vanilla SQLite

SLIDE 23

Microbenchmark

[Figure: Requests per Second (·10^6) versus Database Size (MiB) for SQLite, Encl. SQLite, Integrity, Caching and Fetching, with a secondary percentage axis]

    CREATE TABLE stest(ID INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, BODY CHAR);
    INSERT INTO stest (BODY) VALUES('<...>');
    SELECT * FROM stest ORDER BY RANDOM() LIMIT 1;

SLIDE 28

Speedtest1

  • VMEs show better performance (1.52×–2×) for:
      • SELECT, UPDATE, DELETE, 4-way JOINs, subquery, ANALYZE
  • Enclaved SQLite shows better performance (1%–27%) for:
      • INDEX, DELETE with refill
      • refill consumes heap memory
  • Warm Cache improves performance (up to 2×):
      • Integrity check, refill

SLIDE 29

TPC-C

[Figure: Transaction per Second (·10^4) versus Number of Warehouses for SQLite, Encl. SQLite, Caching and Fetching, with a secondary percentage axis]

SLIDE 34

Related work

  • Eleos – Paging for C++-based programs
      • Different memory types
      • Multiple VME modes
  • Panoply, Graphene-SGX, SCONE – environments for legacy applications
      • Increase Trusted Computing Base and memory consumption
  • Glamdring – code partitioning
      • We virtualise storage memory

SLIDE 36

Conclusion

Intel SGX

  • Trusted execution in untrusted environment
  • Challenges: EPC limit, ECalls

STANlite

  • Enclaved in-memory database
  • Virtual memory engine
  • RDMA-based communication layer

Evaluation

  • Microbenchmark: 4.44×
  • Speedtest1: 1.79×
  • TPC-C (2GiB): 2.44×

SLIDE 37

References

  [1] M. Orenbach, P. Lifshits, M. Minkin, and M. Silberstein, “Eleos: ExitLess OS Services for SGX Enclaves,” in EuroSys, 2017, pp. 238–253.

  [2] O. Weisse, V. Bertacco, and T. Austin, “Regaining Lost Cycles with HotCalls: A Fast Interface for SGX Secure Enclaves,” in Proceedings of the 44th Annual International Symposium on Computer Architecture, 2017, pp. 81–93.
